|
|
@@ -208,54 +208,6 @@ gitleaks git --baseline-path gitleaks-report.json --report-path findings.json
|
|
|
|
|
|
After running the detect command with the --baseline-path parameter, report output (findings.json) will only contain new issues.
|
|
|
|
|
|
-### Verify Findings
|
|
|
-
|
|
|
-You can verify a finding found by gitleaks using a `git log` command.
|
|
|
-Example output:
|
|
|
-
|
|
|
-```
|
|
|
-Finding: aws_secret="AKIAIMNOJVGFDXXXE4OA"
|
|
|
-RuleID: aws-access-token
|
|
|
-Secret AKIAIMNOJVGFDXXXE4OA
|
|
|
-Entropy: 3.65
|
|
|
-File: checks_test.go
|
|
|
-Line: 37
|
|
|
-Commit: ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
|
|
|
-Author: Zachary Rice
|
|
|
-Email: z@email.com
|
|
|
-Date: 2018-01-28T17:39:00Z
|
|
|
-Fingerprint: ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29:checks_test.go:aws-access-token:37
|
|
|
-```
|
|
|
-
|
|
|
-We can use the following format to verify the leak:
|
|
|
-
|
|
|
-```
|
|
|
-git log -L {StartLine,EndLine}:{File} {Commit}
|
|
|
-```
|
|
|
-
|
|
|
-So in this example it would look like:
|
|
|
-
|
|
|
-```
|
|
|
-git log -L 37,37:checks_test.go ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
|
|
|
-```
|
|
|
-
|
|
|
-Which gives us:
|
|
|
-
|
|
|
-```
|
|
|
-commit ec2fc9d6cb0954fb3b57201cf6133c48d8ca0d29
|
|
|
-Author: zricethezav <thisispublicanyways@gmail.com>
|
|
|
-Date: Sun Jan 28 17:39:00 2018 -0500
|
|
|
-
|
|
|
- [update] entropy check
|
|
|
-
|
|
|
-diff --git a/checks_test.go b/checks_test.go
|
|
|
---- a/checks_test.go
|
|
|
-+++ b/checks_test.go
|
|
|
-@@ -28,0 +37,1 @@
|
|
|
-+ "aws_secret= \"AKIAIMNOJVGFDXXXE4OA\"": true,
|
|
|
-
|
|
|
-```
|
|
|
-
|
|
|
## Pre-Commit hook
|
|
|
|
|
|
You can run Gitleaks as a pre-commit hook by copying the example `pre-commit.py` script into
|
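Review bot: Deleting the whole `### Verify Findings` block, between the baseline paragraph and `## Pre-Commit hook`, leaves this part of the README with no description of how to confirm a finding against history. The removed `git log -L {StartLine,EndLine}:{File} {Commit}` format was what mapped the report's File, Line and Commit fields onto a command a reader can run. If the section has been moved or superseded, say so in the commit message or link to the new location. Otherwise, consider keeping the format line and the one-line example and dropping only the long sample output. Separately, the retained context line still says "the detect command" while the command visible in the hunk header is `gitleaks git --baseline-path ...`; it would be worth aligning that wording in the same change.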